Resubmissions

05/11/2023, 14:59

231105-sczbasfg4w 8

05/11/2023, 14:53

231105-r9n16aff4t 3

General

  • Target: cyrus n word.png
  • Size: 13KB
  • Sample: 231105-sczbasfg4w
  • MD5: 0592bbfc0626781b59de9edee34386c0
  • SHA1: 00ed32f102f0174f56d1f759f964414d39327a48
  • SHA256: d10a6da2b3ad236ac3c7ebe61204fe900237e368f78a2a98f7c6e9185fdaa152
  • SHA512: 3a4ddf26dd2403967242b9494c995598948dbf75f977c7c334a4b19c3b2878c333b8b44575bf8fdb76c863af2b989a8bff0e5e2b7e8368e9ac96bbc1ba5314d5
  • SSDEEP: 192:cWrOR+4rzdLe2G5UgTXgboi6gAYBiTagaGOTZfveeeMPE0yeetXYLMXBBzPfjo+Y:3Oh5gTYOgkecKTUedMRB7b3d+QZ1w

Malware Config

Targets

    • Downloads MZ/PE file

    • Drops startup file

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks